Users are increasingly utilizing electronic devices and services to obtain various types of information and perform various actions. In many cases, a user will obtain security credentials that enable that user to communicate with another party over a network in a way that enables the recipient to authenticate an identity of the sender, and prevents unintended recipients from accessing information it the communications. Oftentimes, however, the security credentials are sent along with the communication. For example, a security approach using a cookie or session token typically requires that the cookie or token be sent with any request for a given session. Such an approach is not optimal in many situations, as the secure information is transmitted outside the protected environment of the user. Any party receiving the secure information, either by intercepting a communication or causing a recipient machine to forward or redirect a communication, for example, can potentially impersonate the user by including the secure information in a subsequent request.